Why I receive CERTIFICATE_VERIFY_FAILED from google adwords api? - python-2.7

Why google adwords api stops on call this link:
https://adwords.google.com/api/adwords/mcm/v201502/CustomerService?wsdl
With this error - should I load some certificate before and how?
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>
Using Python 2.7.10.
Full source code:
create_adwords_client_without_yaml.py
Full error code:
Traceback (most recent call last):
File "C:/Users/Crezary Wagner/PycharmProjects/learn-adwords/src/examples/create_adwords_client_without_yaml.py", line 56, in <module>
CLIENT_CUSTOMER_ID)
File "C:/Users/Crezary Wagner/PycharmProjects/learn-adwords/src/examples/create_adwords_client_without_yaml.py", line 50, in main
customer = adwords_client.GetService('CustomerService').get()
File "C:\root\Python27\lib\site-packages\googleads\adwords.py", line 256, in GetService
proxy=proxy_option, cache=self.cache, timeout=3600)
File "C:\root\Python27\lib\site-packages\suds\client.py", line 115, in __init__
self.wsdl = reader.open(url)
File "C:\root\Python27\lib\site-packages\suds\reader.py", line 150, in open
d = self.fn(url, self.options)
File "C:\root\Python27\lib\site-packages\suds\wsdl.py", line 136, in __init__
d = reader.open(url)
File "C:\root\Python27\lib\site-packages\suds\reader.py", line 74, in open
d = self.download(url)
File "C:\root\Python27\lib\site-packages\suds\reader.py", line 92, in download
fp = self.options.transport.open(Request(url))
File "C:\root\Python27\lib\site-packages\suds\transport\https.py", line 62, in open
return HttpTransport.open(self, request)
File "C:\root\Python27\lib\site-packages\suds\transport\http.py", line 67, in open
return self.u2open(u2request)
File "C:\root\Python27\lib\site-packages\suds\transport\http.py", line 132, in u2open
return url.open(u2request, timeout=tm)
File "C:\root\Python27\lib\urllib2.py", line 431, in open
response = self._open(req, data)
File "C:\root\Python27\lib\urllib2.py", line 449, in _open
'_open', req)
File "C:\root\Python27\lib\urllib2.py", line 409, in _call_chain
result = func(*args)
File "C:\root\Python27\lib\urllib2.py", line 1240, in https_open
context=self._context)
File "C:\root\Python27\lib\urllib2.py", line 1197, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>

Python uses certificates from 'system ssl certificate store' to certify https connection, if there is not any appropriate ssl cert in the store error occurs like this.
Download ssl certificate (Open your https link in browser and click lock icon in address bar > More Information > View Certificate > Details > Export) and install it on your system as stated this link http://windows.microsoft.com/en-us/windows/import-export-certificates-private-keys#1TC=windows-7

Not sure if that's the problem here, but worth checking it.
Python 2.7.9 enabled certificate validation by default for HTTP connections.
The server you're connecting to does not have a certificate that is trusted by your client. pysphere should configure SSL appropriately for this use case.
Try making your request like:
requests.get('https://adwords.google.com/api/adwords/mcm/v201502/CustomerService?wsdl', verify=False)

Try this, it helped me:
import ssl
ssl._create_default_https_context = ssl._create_unverified_context

I encountered this issue. I had my phone setup using the same DNS block list and it wasn't immediately apparent after I'd enabled the tool and resumed work on this particular project. I suggest scrutinizing your setup and verify that there aren't any adblockers (DNS level in my case ala NextDNS/hosted PiHole) enabled. Hours upon hours spent trying out python versions, certificates, reinstalling things. Hope this helps someone!

Related

Using tools.run_flow() raises SSLHandshake "certificate verify" error in Google Sheets API tutorial

I'm am pretty much following the Google Sheets getting started (in Python) to a tee. I've gotten the program to work on my Mac laptop, but it is failing as I am trying to run it on Windows. So far, I've checked that we do not have the firewall enabled on the machine.
Below is the error that appears after clicking through the authentication prompts that pop up in the browser.
Traceback (most recent call last):
File "Authenticate.py", line 47, in <module>
main()
File "Authenticate.py", line 43, in main
tools.run_flow(flow, store)
File "C:\johnsnow\packages\test\lib\site-packages\oauth2client\_helpers.py", line 133, in positional_wrapper
return wrapped(*args, **kwargs)
File "C:\johnsnow\packages\test\lib\site-packages\oauth2client\tools.py", line 243, in run_flow
credential = flow.step2_exchange(code, http=http)
File "C:\johnsnow\packages\test\lib\site-packages\oauth2client\_helpers.py", line 133, in positional_wrapper
return wrapped(*args, **kwargs)
File "C:\johnsnow\packages\test\lib\site-packages\oauth2client\client.py", line 2054, in step2_exchange
http, self.token_uri, method='POST', body=body, headers=headers)
File "C:\johnsnow\packages\test\lib\site-packages\oauth2client\transport.py", line 282, in request
connection_type=connection_type)
File "C:\johnsnow\packages\test\lib\site-packages\httplib2\__init__.py", line 1570, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "C:\johnsnow\packages\test\lib\site-packages\httplib2\__init__.py", line 1317, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "C:\johnsnow\packages\test\lib\site-packages\httplib2\__init__.py", line 1252, in _conn_request
conn.connect()
File "C:\johnsnow\packages\test\lib\site-packages\httplib2\__init__.py", line 1044, in connect
raise SSLHandshakeError(e)
httplib2.SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
I'm not exactly sure how it happened as I was working in a virtualenv, but there was a dependency issue in the version of httplib2 and oauth2. After an uninstall and then reinstall, there was an error that the two libraries were incompatible.
Doing pip freeze showed I had httplib2==0.8 but oauth2client required httplib2=>0.9.
This was resolved by doing pip install --upgrade httplib2.

aws cli works perfectly but Python script gets CERTIFICATE_VERIFY_FAILED

I ssh to my EC2 instance. I can run these commands and they work perfectly:
aws sqs list-queues
aws s3 ls
I have a small Python script that pulls data from a database, formats it as XML, and then uploads the file to S3. This upload fails with this error:
Traceback (most recent call last):
File "./data_test/data_analytics/lexisnexis/async2.py", line 289, in <module>
insert_parallel(engine, qy, Create_Temp.profile_id, nworkers)
File "./data_test/data_analytics/lexisnexis/async2.py", line 241, in insert_parallel
s3upload(bucketname, keyname, f)
File "./data_test/data_analytics/lexisnexis/async2.py", line 89, in s3upload
bucket = conn.get_bucket(bucketname)
File "/usr/lib/python2.7/dist-packages/boto/s3/connection.py", line 506, in get_bucket
return self.head_bucket(bucket_name, headers=headers)
File "/usr/lib/python2.7/dist-packages/boto/s3/connection.py", line 525, in head_bucket
response = self.make_request('HEAD', bucket_name, headers=headers)
File "/usr/lib/python2.7/dist-packages/boto/s3/connection.py", line 668, in make_request
retry_handler=retry_handler
File "/usr/lib/python2.7/dist-packages/boto/connection.py", line 1071, in make_request
retry_handler=retry_handler)
File "/usr/lib/python2.7/dist-packages/boto/connection.py", line 1030, in _mexe
raise ex
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
How can I have a script that dies, even when aws cli works?
To be clear, I'm running the Python script as the same user, from the same EC2 instance, as I run the aws cli commands.
aws --version
aws-cli/1.11.176 Python/2.7.12 Linux/4.9.43-17.38.amzn1.x86_64 botocore/1.7.34
The last line of your error messages tells you the problem:
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
Your issue could be one of the following:
1) There is an error with the certificate with the server that you are connecting to.
2) The certificate chain is incomplete for the server that you are connecting to.
3) You are missing "cacert.pem". Do a Google search on "cacert.pem". This is a common problem and there is a lot of information on downloading and installing this file.
Certificate verification in Python

SSL certificates download

I am attempting to use requests package from python to access this site: https://egov.uscis.gov/casestatus/landing.do
When I ran this command:
requests.get('https://egov.uscis.gov/casestatus/landing.do')
I got the usual SSL error when your authentication verification fails..
Read through stackoverflow and adopted one of the solutions: download the certificate in (.crt) and then used openssl to convert to .pem file. I then copied the contents from this .pem file to the end of cacert.pem. However this did not work.
>>> requests.get('https://egov.uscis.gov/casestatus/landing.do')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "C:\Users\Sandra\Anaconda\lib\site-packages\requests\api.py", line 69, in get
return request('get', url, params=params, **kwargs)
File "C:\Users\Sandra\Anaconda\lib\site-packages\requests\api.py", line 50, in request
response = session.request(method=method, url=url, **kwargs)
File "C:\Users\Sandra\Anaconda\lib\site-packages\requests\sessions.py", line 465, in request
resp = self.send(prep, **send_kwargs)
File "C:\Users\Sandra\Anaconda\lib\site-packages\requests\sessions.py", line 573, in send
r = adapter.send(request, **kwargs)
File "C:\Users\Sandra\Anaconda\lib\site-packages\requests\adapters.py", line 431, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
Any pointers as to how I can overcome this without resorting to verify=False
Also Is there any difference in downloading the file via https://superuser.com/a/97203 and https://superuser.com/a/176721?
Because I have no issue with requests.get('https://www.google.com'), do other websites place restrictions on the certificate you download?
egov.usics.gov does not provide a complete chain in its SSL handshake.
You'll need to employ a workaround similar to what's suggested here until the site administrator fixes the certificate chain issue. The intermediate certificate in your case can be obtained from https://ssl-tools.net/certificates/yuox7i-symantec-class-3-secure-server-ca
There are three ways to setup CA cert:
$ pip install certifi then
>>> requests.get(url, verify=certifi.where())
>>> requests.get(url, verify='/path/to/cert_bundle_file')
>>> os.environ['REQUESTS_CA_BUNDLE'] = '/path/to/cert_bundle_file'
>>> requests.get(url)

Python Beatbox to Salesforce Error Connecting to Salesforce

I just had my computer re-imaged and have Python 2.7.9 (64-bit) installed on my machine. Using PIP I have beatbox 32.1 installed.
When I make the call to connect to Salesforce:
sf_client.login(sf_username, sf_password)
logging.info('Connected successfully')
I receive an error message. I have tried just the normal login credentials which has always worked and have attempted to connect with my token in the password too.
Has anyone run into this error with Python Beatbox and do you know what debugging options I could try to get to the bottom of this?
Traceback (most recent call last):
File "C:\myCode\salesforceload_beatbox.py", line 126, in <module>
sf_client.login(sf_username, sf_password)
File "C:\Python27\lib\site-packages\beatbox\python_client.py", line 76, in login
res = BaseClient.login(self, username, passwd)
File "C:\Python27\lib\site-packages\beatbox\_beatbox.py", line 62, in login
lr = LoginRequest(self.serverUrl, username, password).post()
File "C:\Python27\lib\site-packages\beatbox\_beatbox.py", line 330, in post
raise RuntimeError('No response from Salesforce')
RuntimeError: No response from Salesforce
After digging deeper into this (and debugging the HTTP connection with requests package), I'm failing at this level
Traceback (most recent call last):
File "C:\myCode\SFDC\test_beatbox_call2.py", line 34, in <module>
requests.get(sf_client.login(sf_username, sf_password))
File "C:\Python27\lib\site-packages\beatbox\python_client.py", line 76, in login
res = BaseClient.login(self, username, passwd)
File "C:\Python27\lib\site-packages\beatbox\_beatbox.py", line 78, in login
lr = LoginRequest(self.serverUrl, username, password).post()
File "C:\Python27\lib\site-packages\beatbox\_beatbox.py", line 344, in post
conn.request("POST", path, self.makeEnvelope(), headers)
File "C:\Python27\lib\httplib.py", line 1001, in request
self._send_request(method, url, body, headers)
File "C:\Python27\lib\httplib.py", line 1035, in _send_request
self.endheaders(body)
File "C:\Python27\lib\httplib.py", line 997, in endheaders
self._send_output(message_body)
File "C:\Python27\lib\httplib.py", line 850, in _send_output
self.send(msg)
File "C:\Python27\lib\httplib.py", line 812, in send
self.connect()
File "C:\Python27\lib\httplib.py", line 1216, in connect
server_hostname=server_hostname)
File "C:\Python27\lib\ssl.py", line 350, in wrap_socket
_context=self)
File "C:\Python27\lib\ssl.py", line 566, in __init__
self.do_handshake()
File "C:\Python27\lib\ssl.py", line 788, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
After searching and googling profusely about TLS connections, etc, I noticed this weekend that my cmd.exe window (which I run the PIP commands from) was launching under C:\Windows\System32> and all of my vms were launching within my personal user directory.
So I searched for my roaming cmd.exe and when I opened that, it was to my personal user directory.
After doing an uninstall and install of beatbox using PIP in the new cmd.exe, all of my Salesforce calls via Beatbox work like they used to.
Now I can't fully explain why this is the case, but something tells me that the certs for this admin location are probably mismatched to my personal certificates. I'm up and running again.

Web2py 3rd party authentication

I have made a webapp in python using web2py which has 3rd party authentication using Janrain as recommended.
On my local server it worked absolutely fine, but now when I deployed on pythonanywhere, the authentication is giving me the following error
"class 'urllib2.URLError' urlopen error Tunnel connection failed: 403 Forbidden"
Stack
===========
File "/usr/lib/python2.7/urllib2.py", line 127, in urlopen
return _opener.open(url, data, timeout)
File "/usr/lib/python2.7/urllib2.py", line 404, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 422, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
result = func(*args)
File "/usr/lib/python2.7/urllib2.py", line 1222, in https_open
return self.do_open(httplib.HTTPSConnection, req)
File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open
raise URLError(err)
URLError: <urlopen error Tunnel connection failed: 403 Forbidden>
==========================
For third party authentication I had used yahoomail id.
This has now been fixed, but in case anyone else comes across this issue or a similar issue:
the problem was that free users on PythonAnywhere have restricted internet, that goes via a proxy and only allows a whitelist of sites.
The sites .janrain.com and .rpxnow.com weren't on the whitelist at the time, but we have now added them, and the janrain/yahoo mail login now works.
So, for anyone else that happens to be going via a proxy and trying to use this service, those are the sites you need to add. (may also be of interest to paranoid people that like to run noscript, if you find some federated auth system failing, you may need to unblock rpxnow).
Happy coding everyone!